CVE-2026-6134

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958

Description A security flaw exists in the fromqossetting function of the /goform/qossetting file in Tenda F451 version 1.0.0.7 cn svn7958. Manipulation of the qos argument can lead to a stack-based buffer overflow, potentially allowing for remote attacks. The exploit for this issue has been publicly released.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the fromqossetting function until a patch is available.